@zama-fhe/sdk 3.3.0 → 3.3.1-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -2
- package/dist/cjs/base-signer.cjs +1 -1
- package/dist/cjs/base-signer.cjs.map +1 -1
- package/dist/cjs/chains.cjs +1 -1
- package/dist/cjs/chains.cjs.map +1 -1
- package/dist/cjs/cleartext/index.cjs +1 -1
- package/dist/cjs/cleartext.cjs +2 -0
- package/dist/cjs/cleartext.cjs.map +1 -0
- package/dist/cjs/ethers/index.cjs.map +1 -1
- package/dist/cjs/fhevm-relayer.cjs +2 -0
- package/dist/cjs/fhevm-relayer.cjs.map +1 -0
- package/dist/cjs/index.cjs +1 -1
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/cjs/node/index.cjs +2 -0
- package/dist/cjs/node/index.cjs.map +1 -0
- package/dist/cjs/query/index.cjs +1 -1
- package/dist/cjs/query/index.cjs.map +1 -1
- package/dist/cjs/relayer.cjs +1 -1
- package/dist/cjs/relayer.cjs.map +1 -1
- package/dist/cjs/token.cjs +1 -1
- package/dist/cjs/token.cjs.map +1 -1
- package/dist/cjs/viem/index.cjs +1 -1
- package/dist/cjs/viem/index.cjs.map +1 -1
- package/dist/cjs/web/index.cjs +1 -590
- package/dist/cjs/web/index.cjs.map +1 -1
- package/dist/cjs/wrappers-registry.cjs.map +1 -1
- package/dist/esm/base-signer-CI-FYai2.js +2 -0
- package/dist/esm/base-signer-CI-FYai2.js.map +1 -0
- package/dist/esm/{base-signer-C3Wc5oi9.d.ts → base-signer-Q2EJECrc.d.ts} +2 -2
- package/dist/esm/chains/index.d.ts +2 -3
- package/dist/esm/chains/index.js +1 -1
- package/dist/esm/chains-CLv9HEJ_.js +2 -0
- package/dist/esm/chains-CLv9HEJ_.js.map +1 -0
- package/dist/esm/cleartext/index.d.ts +3 -2
- package/dist/esm/cleartext/index.js +1 -1
- package/dist/esm/cleartext-BfXTVQu-.js +2 -0
- package/dist/esm/cleartext-BfXTVQu-.js.map +1 -0
- package/dist/esm/cleartext-U6sPs_Kd.d.ts +19 -0
- package/dist/esm/ethers/index.d.ts +4 -5
- package/dist/esm/ethers/index.js +1 -1
- package/dist/esm/ethers/index.js.map +1 -1
- package/dist/esm/fhevm-relayer-B-lEKfPQ.js +2 -0
- package/dist/esm/fhevm-relayer-B-lEKfPQ.js.map +1 -0
- package/dist/esm/index-BnIp_-Ak.d.ts +328 -0
- package/dist/esm/{index-CYBH0nyo.d.ts → index-D66eC3G7.d.ts} +60 -13
- package/dist/esm/index.d.ts +8 -11
- package/dist/esm/index.js +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/node/index.d.ts +5 -194
- package/dist/esm/node/index.js +1 -1
- package/dist/esm/node/index.js.map +1 -1
- package/dist/esm/query/index.d.ts +3 -380
- package/dist/esm/query/index.js +1 -1
- package/dist/esm/query/index.js.map +1 -1
- package/dist/esm/relayer-BYq9bLh8.js +2 -0
- package/dist/esm/relayer-BYq9bLh8.js.map +1 -0
- package/dist/esm/token-CmHTAAWW.js +2 -0
- package/dist/esm/token-CmHTAAWW.js.map +1 -0
- package/dist/esm/{types-piBsdTIP.d.ts → types-Bov8XY36.d.ts} +3 -3
- package/dist/esm/{types-OHIaPwCy.d.ts → types-BpvL50qX.d.ts} +3 -3
- package/dist/esm/types-C-WTLcHZ.d.ts +988 -0
- package/dist/esm/viem/index.d.ts +4 -5
- package/dist/esm/viem/index.js +1 -1
- package/dist/esm/viem/index.js.map +1 -1
- package/dist/esm/web/index.d.ts +6 -9
- package/dist/esm/web/index.js +1 -590
- package/dist/esm/web/index.js.map +1 -1
- package/dist/esm/{wrappers-registry-C1oK8Bi6.js → wrappers-registry-xZWzyAi4.js} +2 -2
- package/dist/esm/wrappers-registry-xZWzyAi4.js.map +1 -0
- package/dist/esm/{index-C1Mtc8Rw.d.ts → zama-sdk-q4_qt64Q.d.ts} +1471 -1102
- package/package.json +6 -2
- package/dist/cjs/assertions.cjs +0 -2
- package/dist/cjs/assertions.cjs.map +0 -1
- package/dist/cjs/encryption.cjs +0 -2
- package/dist/cjs/encryption.cjs.map +0 -1
- package/dist/cjs/relayer-cleartext.cjs +0 -2
- package/dist/cjs/relayer-cleartext.cjs.map +0 -1
- package/dist/cjs/relayer-sdk.worker.js +0 -589
- package/dist/cjs/timeout.cjs +0 -2
- package/dist/cjs/timeout.cjs.map +0 -1
- package/dist/cjs/validation.cjs +0 -2
- package/dist/cjs/validation.cjs.map +0 -1
- package/dist/esm/assertions-zYseN5Xz.js +0 -2
- package/dist/esm/assertions-zYseN5Xz.js.map +0 -1
- package/dist/esm/base-signer-DjytqPkd.js +0 -2
- package/dist/esm/base-signer-DjytqPkd.js.map +0 -1
- package/dist/esm/chains-CXcO1DBP.js +0 -2
- package/dist/esm/chains-CXcO1DBP.js.map +0 -1
- package/dist/esm/cleartext-DAkOTlrE.d.ts +0 -19
- package/dist/esm/cleartext-rTWFctyd.js +0 -2
- package/dist/esm/cleartext-rTWFctyd.js.map +0 -1
- package/dist/esm/encryption-x4Z_Icqk.js +0 -2
- package/dist/esm/encryption-x4Z_Icqk.js.map +0 -1
- package/dist/esm/hex-A72GrTf9.js +0 -2
- package/dist/esm/hex-A72GrTf9.js.map +0 -1
- package/dist/esm/indexeddb-storage-Mi-fCWN3.js +0 -2
- package/dist/esm/indexeddb-storage-Mi-fCWN3.js.map +0 -1
- package/dist/esm/memory-storage-fp9RY5BQ.js +0 -2
- package/dist/esm/memory-storage-fp9RY5BQ.js.map +0 -1
- package/dist/esm/node/relayer-sdk.node-worker.d.ts +0 -1
- package/dist/esm/node/relayer-sdk.node-worker.js +0 -2
- package/dist/esm/node/relayer-sdk.node-worker.js.map +0 -1
- package/dist/esm/relayer-cleartext-Bp6jtxDd.js +0 -2
- package/dist/esm/relayer-cleartext-Bp6jtxDd.js.map +0 -1
- package/dist/esm/relayer-cleartext-CSeMlmGO.d.ts +0 -844
- package/dist/esm/relayer-eavK5bfZ.js +0 -2
- package/dist/esm/relayer-eavK5bfZ.js.map +0 -1
- package/dist/esm/relayer-sdk.worker.js +0 -589
- package/dist/esm/timeout-CNVfiaJD.js +0 -2
- package/dist/esm/timeout-CNVfiaJD.js.map +0 -1
- package/dist/esm/token-Bt33g0zQ.js +0 -2
- package/dist/esm/token-Bt33g0zQ.js.map +0 -1
- package/dist/esm/types-BgczXqW2.d.ts +0 -49
- package/dist/esm/types-Gn5MeDsr.d.ts +0 -669
- package/dist/esm/validation-DLszOweh.js +0 -2
- package/dist/esm/validation-DLszOweh.js.map +0 -1
- package/dist/esm/worker.base-client-BVnT4yJa.js +0 -2
- package/dist/esm/worker.base-client-BVnT4yJa.js.map +0 -1
- package/dist/esm/wrappers-registry-C1oK8Bi6.js.map +0 -1
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"relayer-cleartext-Bp6jtxDd.js","names":["#client","#config","#assertDecryptAuthorization","#decryptHandles","#isAllowedForDecryption","#readPlaintext","#assertDelegation","#persistAllowed"],"sources":["../../src/errors/entitlement.ts","../../src/relayer/cleartext/eip712.ts","../../src/relayer/cleartext/constants.ts","../../src/relayer/cleartext/fhe-type.ts","../../src/relayer/cleartext/handle.ts","../../src/relayer/cleartext/relayer-cleartext.ts"],"sourcesContent":["import { ZamaError, ZamaErrorCode } from \"./base\";\n\n/**\n * The signer (or delegator) lacks ACL permission to decrypt the encrypted value —\n * `persistAllowed` returned `false`. Terminal and **non-retryable**: the fix is\n * an on-chain grant (`FHE.allow`), or for indexers, to wait for a backfill once\n * the grant lands. Distinct from transient failures like {@link RpcRateLimitError}.\n *\n * @example\n * ```ts\n * try {\n * await sdk.decryption.decryptValues([{ encryptedValue, contractAddress }]);\n * } catch (e) {\n * if (e instanceof NotEntitledError) {\n * // don't retry — wait for an ACL grant / backfill\n * }\n * }\n * ```\n */\nexport class NotEntitledError extends ZamaError {\n /** The encrypted value the actor is not entitled to decrypt. */\n readonly encryptedValue: string;\n /** The contract the encrypted value belongs to. */\n readonly contractAddress: string;\n /** The actor (signer or delegator) that lacks ACL permission. */\n readonly account: string;\n\n constructor(\n args: { encryptedValue: string; contractAddress: string; account: string },\n options?: ErrorOptions,\n ) {\n super(\n ZamaErrorCode.NotEntitled,\n `Account ${args.account} is not entitled to decrypt encrypted value ${args.encryptedValue} ` +\n `on contract ${args.contractAddress}. This is not a transient failure — ` +\n `the account needs an on-chain ACL grant before it can decrypt this encrypted value.`,\n options,\n );\n this.name = \"NotEntitledError\";\n this.encryptedValue = args.encryptedValue;\n this.contractAddress = args.contractAddress;\n this.account = args.account;\n }\n}\n","import type { Address } from \"viem\";\nimport type {\n CoprocessorEIP712DomainType,\n CoprocessorEIP712TypesType,\n KmsDelegatedUserDecryptEIP712TypesType,\n KmsEIP712DomainType,\n KmsPublicDecryptEIP712TypesType,\n KmsUserDecryptEIP712TypesType,\n} from \"@zama-fhe/relayer-sdk/bundle\";\n\nconst inputDomain = (\n chainId: number | bigint,\n verifyingContract: Address,\n): CoprocessorEIP712DomainType => ({\n name: \"InputVerification\",\n version: \"1\",\n chainId: BigInt(chainId),\n verifyingContract,\n});\n\nconst decryptionDomain = (\n chainId: number | bigint,\n verifyingContract: Address,\n): KmsEIP712DomainType => ({\n name: \"Decryption\",\n version: \"1\",\n chainId: BigInt(chainId),\n verifyingContract,\n});\n\nexport const INPUT_VERIFICATION_EIP712 = {\n domain: inputDomain,\n types: {\n CiphertextVerification: [\n { name: \"ctHandles\", type: \"bytes32[]\" },\n { name: \"userAddress\", type: \"address\" },\n { name: \"contractAddress\", type: \"address\" },\n { name: \"contractChainId\", type: \"uint256\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\nexport const KMS_DECRYPTION_EIP712 = {\n domain: decryptionDomain,\n types: {\n PublicDecryptVerification: [\n { name: \"ctHandles\", type: \"bytes32[]\" },\n { name: \"decryptedResult\", type: \"bytes\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\nexport const USER_DECRYPT_EIP712 = {\n domain: decryptionDomain,\n types: {\n UserDecryptRequestVerification: [\n { name: \"publicKey\", type: \"bytes\" },\n { name: \"contractAddresses\", type: \"address[]\" },\n { name: \"startTimestamp\", type: \"uint256\" },\n { name: \"durationDays\", type: \"uint256\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\nexport const DELEGATED_USER_DECRYPT_EIP712 = {\n domain: decryptionDomain,\n types: {\n DelegatedUserDecryptRequestVerification: [\n { name: \"publicKey\", type: \"bytes\" },\n { name: \"contractAddresses\", type: \"address[]\" },\n { name: \"delegatorAddress\", type: \"address\" },\n { name: \"startTimestamp\", type: \"uint256\" },\n { name: \"durationDays\", type: \"uint256\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\n// ── Compile-time structural checks against relayer-sdk types ──────────\n// These assertions ensure our local EIP-712 type arrays stay in sync with\n// the relayer-sdk's canonical definitions. A mismatch will cause a build error.\ntype AssertFieldsMatch<\n Local extends readonly { readonly name: string; readonly type: string }[],\n Canonical extends readonly { readonly name: string; readonly type: string }[],\n> = [Local[\"length\"]] extends [Canonical[\"length\"]]\n ? {\n [K in keyof Local]: Local[K] extends { readonly name: infer N; readonly type: infer T }\n ? Canonical[K & keyof Canonical] extends { readonly name: N; readonly type: T }\n ? true\n : { error: `Field mismatch at index ${K & string}` }\n : never;\n }\n : { error: \"Field count mismatch\" };\n\n// Wrapping in readonly true[] ensures a mismatch produces a compile error\n// (not just an inert type alias that TypeScript silently accepts).\ntype AssertAllTrue<T extends readonly true[]> = T;\n\ntype _CheckInput = AssertAllTrue<\n AssertFieldsMatch<\n typeof INPUT_VERIFICATION_EIP712.types.CiphertextVerification,\n CoprocessorEIP712TypesType[\"CiphertextVerification\"]\n >\n>;\ntype _CheckPublicDecrypt = AssertAllTrue<\n AssertFieldsMatch<\n typeof KMS_DECRYPTION_EIP712.types.PublicDecryptVerification,\n KmsPublicDecryptEIP712TypesType[\"PublicDecryptVerification\"]\n >\n>;\ntype _CheckUserDecrypt = AssertAllTrue<\n AssertFieldsMatch<\n typeof USER_DECRYPT_EIP712.types.UserDecryptRequestVerification,\n KmsUserDecryptEIP712TypesType[\"UserDecryptRequestVerification\"]\n >\n>;\ntype _CheckDelegatedDecrypt = AssertAllTrue<\n AssertFieldsMatch<\n typeof DELEGATED_USER_DECRYPT_EIP712.types.DelegatedUserDecryptRequestVerification,\n KmsDelegatedUserDecryptEIP712TypesType[\"DelegatedUserDecryptRequestVerification\"]\n >\n>;\n","export const HANDLE_VERSION = 0;\n\nexport const PREHANDLE_MASK = 0xffffffffffffffffffffffffffffffffffffffffff0000000000000000000000n;\n\n// Constants used for instanciation of the cleartext FHEVM instance.\nexport const MOCK_INPUT_SIGNER_PK =\n \"0x7ec8ada6642fc4ccfb7729bc29c17cf8d21b61abd5642d1db992c0b8672ab901\";\nexport const MOCK_KMS_SIGNER_PK =\n \"0x388b7680e4e1afa06efbfd45cdd1fe39f3c6af381df6555a19661f283b97de91\";\n","// Copied from @zama-fhe/relayer-sdk/src/sdk/FheType.ts\n// Pure utility functions with zero WASM dependency.\n// Adapted to use simple errors instead of RelayerErrorBase hierarchy.\n\n////////////////////////////////////////////////////////////////////////////////\n// Types (from types/primitives.d.ts)\n////////////////////////////////////////////////////////////////////////////////\n\nexport interface FheTypeNameToIdMap {\n ebool: 0;\n //euint4: 1; deprecated\n euint8: 2;\n euint16: 3;\n euint32: 4;\n euint64: 5;\n euint128: 6;\n eaddress: 7;\n euint256: 8;\n}\n\nexport interface FheTypeIdToNameMap {\n 0: \"ebool\";\n //1: 'euint4'; deprecated\n 2: \"euint8\";\n 3: \"euint16\";\n 4: \"euint32\";\n 5: \"euint64\";\n 6: \"euint128\";\n 7: \"eaddress\";\n 8: \"euint256\";\n}\n\nexport interface FheTypeEncryptionBitwidthToIdMap {\n 2: FheTypeNameToIdMap[\"ebool\"];\n 8: FheTypeNameToIdMap[\"euint8\"];\n 16: FheTypeNameToIdMap[\"euint16\"];\n 32: FheTypeNameToIdMap[\"euint32\"];\n 64: FheTypeNameToIdMap[\"euint64\"];\n 128: FheTypeNameToIdMap[\"euint128\"];\n 160: FheTypeNameToIdMap[\"eaddress\"];\n 256: FheTypeNameToIdMap[\"euint256\"];\n}\n\nexport type FheTypeIdToEncryptionBitwidthMap = {\n [K in keyof FheTypeEncryptionBitwidthToIdMap as FheTypeEncryptionBitwidthToIdMap[K]]: K;\n};\n\ntype Prettify<T> = { [K in keyof T]: T[K] } & {};\n\nexport type FheTypeName = Prettify<keyof FheTypeNameToIdMap>;\nexport type FheTypeId = Prettify<keyof FheTypeIdToNameMap>;\nexport type EncryptionBits = Prettify<keyof FheTypeEncryptionBitwidthToIdMap>;\n\n////////////////////////////////////////////////////////////////////////////////\n// Lookup Maps\n////////////////////////////////////////////////////////////////////////////////\n\nconst MINIMUM_ENCRYPTION_BIT_WIDTH = 2;\n\nconst FheTypeNameToId: FheTypeNameToIdMap = {\n ebool: 0,\n //euint4: 1, deprecated\n euint8: 2,\n euint16: 3,\n euint32: 4,\n euint64: 5,\n euint128: 6,\n eaddress: 7,\n euint256: 8,\n} as const;\n\nconst FheTypeIdToName: FheTypeIdToNameMap = {\n 0: \"ebool\",\n //1: 'euint4', deprecated\n 2: \"euint8\",\n 3: \"euint16\",\n 4: \"euint32\",\n 5: \"euint64\",\n 6: \"euint128\",\n 7: \"eaddress\",\n 8: \"euint256\",\n} as const;\n\nconst FheTypeIdToEncryptionBitwidth: FheTypeIdToEncryptionBitwidthMap = {\n 0: 2,\n //1:?, euint4 deprecated\n 2: 8,\n 3: 16,\n 4: 32,\n 5: 64,\n 6: 128,\n 7: 160,\n 8: 256,\n} as const;\n\nconst EncryptionBitwidthToFheTypeId: FheTypeEncryptionBitwidthToIdMap = {\n 2: 0,\n 8: 2,\n 16: 3,\n 32: 4,\n 64: 5,\n 128: 6,\n 160: 7,\n 256: 8,\n} as const;\n\nObject.freeze(FheTypeNameToId);\nObject.freeze(FheTypeIdToName);\nObject.freeze(FheTypeIdToEncryptionBitwidth);\nObject.freeze(EncryptionBitwidthToFheTypeId);\n\n////////////////////////////////////////////////////////////////////////////////\n// Type Guards\n////////////////////////////////////////////////////////////////////////////////\n\nexport function isFheTypeId(value: unknown): value is FheTypeId {\n switch (value as FheTypeId) {\n case 0:\n case 2:\n case 3:\n case 4:\n case 5:\n case 6:\n case 7:\n case 8:\n return true;\n default:\n return false;\n }\n}\n\nexport function isFheTypeName(value: unknown): value is FheTypeName {\n if (typeof value !== \"string\") {\n return false;\n }\n return value in FheTypeNameToId;\n}\n\nexport function isEncryptionBits(value: unknown): value is EncryptionBits {\n if (typeof value !== \"number\") {\n return false;\n }\n return value in EncryptionBitwidthToFheTypeId;\n}\n\n////////////////////////////////////////////////////////////////////////////////\n// Converters\n////////////////////////////////////////////////////////////////////////////////\n\nexport function fheTypeIdFromEncryptionBits(bitwidth: number): FheTypeId {\n if (!isEncryptionBits(bitwidth)) {\n throw new Error(`Invalid encryption bits ${bitwidth}`);\n }\n return EncryptionBitwidthToFheTypeId[bitwidth];\n}\n\nexport function fheTypeIdFromName(name: string): FheTypeId {\n if (!isFheTypeName(name)) {\n throw new Error(`Invalid FheType name '${name}'`);\n }\n return FheTypeNameToId[name];\n}\n\nexport function fheTypeNameFromId(id: number): FheTypeName {\n if (!isFheTypeId(id)) {\n throw new Error(`Invalid FheType id '${id}'`);\n }\n return FheTypeIdToName[id];\n}\n\nexport function encryptionBitsFromFheTypeId(typeId: number): EncryptionBits {\n if (!isFheTypeId(typeId)) {\n throw new Error(`Invalid FheType id '${typeId}'`);\n }\n const bw = FheTypeIdToEncryptionBitwidth[typeId];\n if (bw < MINIMUM_ENCRYPTION_BIT_WIDTH) {\n throw new Error(\n `Invalid FheType encryption bit width: ${bw}. Minimum is ${MINIMUM_ENCRYPTION_BIT_WIDTH} bits.`,\n );\n }\n return bw;\n}\n\nexport function encryptionBitsFromFheTypeName(name: string): EncryptionBits {\n if (!isFheTypeName(name)) {\n throw new Error(`Invalid FheType name '${name}'`);\n }\n const bw = FheTypeIdToEncryptionBitwidth[FheTypeNameToId[name]];\n if (bw < MINIMUM_ENCRYPTION_BIT_WIDTH) {\n throw new Error(\n `Invalid FheType encryption bit width: ${bw}. Minimum is ${MINIMUM_ENCRYPTION_BIT_WIDTH} bits.`,\n );\n }\n return bw;\n}\n","import { concat, encodePacked, keccak256, pad, toBytes, toHex, type Address, type Hex } from \"viem\";\nimport { HANDLE_VERSION, PREHANDLE_MASK } from \"./constants\";\nimport { encryptionBitsFromFheTypeId, type FheTypeId } from \"./fhe-type\";\nimport { EncryptionFailedError } from \"../../errors\";\n\nconst RAW_CT_HASH_DOMAIN_SEPARATOR = toBytes(\"ZK-w_rct\");\nconst HANDLE_HASH_DOMAIN_SEPARATOR = toBytes(\"ZK-w_hdl\");\n\nfunction cleartextToBytes(cleartext: bigint, fheType: FheTypeId): Uint8Array {\n const byteLength = Math.ceil(encryptionBitsFromFheTypeId(fheType) / 8);\n return toBytes(pad(toHex(cleartext), { size: byteLength }));\n}\n\nexport function computeMockCiphertext(\n fheType: FheTypeId,\n cleartext: bigint,\n random32: Uint8Array,\n): Hex {\n if (random32.length !== 32) {\n throw new EncryptionFailedError(\"random32 must be exactly 32 bytes\");\n }\n\n const clearBytes = cleartextToBytes(cleartext, fheType);\n const inner = keccak256(\n concat([toHex(new Uint8Array([fheType])), toHex(clearBytes), toHex(random32)]),\n );\n\n return keccak256(concat([toHex(RAW_CT_HASH_DOMAIN_SEPARATOR), inner]));\n}\n\nexport function computeInputHandle(\n mockCiphertext: Hex,\n index: number,\n fheType: FheTypeId,\n aclAddress: Address,\n chainId: bigint,\n): Hex {\n if (!Number.isInteger(index) || index < 0 || index > 255) {\n throw new EncryptionFailedError(\"index must be an integer between 0 and 255\");\n }\n\n const blobHash = keccak256(concat([toHex(RAW_CT_HASH_DOMAIN_SEPARATOR), mockCiphertext]));\n const handleHash = keccak256(\n encodePacked(\n [\"bytes\", \"bytes32\", \"uint8\", \"address\", \"uint256\"],\n [toHex(HANDLE_HASH_DOMAIN_SEPARATOR), blobHash, index, aclAddress, chainId],\n ),\n );\n\n const chainId64 = chainId & 0xffff_ffff_ffff_ffffn;\n const handle =\n (BigInt(handleHash) & PREHANDLE_MASK) |\n (BigInt(index) << 80n) |\n (chainId64 << 16n) |\n (BigInt(fheType) << 8n) |\n BigInt(HANDLE_VERSION);\n\n return toHex(handle, { size: 32 });\n}\n","import type { PrivateKeyAccount } from \"viem/accounts\";\nimport { privateKeyToAccount } from \"viem/accounts\";\nimport {\n concat,\n createPublicClient,\n custom,\n getAddress,\n http,\n keccak256,\n pad,\n parseAbi,\n toHex,\n type Address,\n type Hex,\n type PublicClient,\n} from \"viem\";\nimport { mainnet, sepolia } from \"viem/chains\";\nimport type {\n InputProofBytesType,\n KmsDelegatedUserDecryptEIP712Type,\n KmsPublicDecryptEIP712Type,\n KmsUserDecryptEIP712Type,\n ZKProofLike,\n} from \"@zama-fhe/relayer-sdk/bundle\";\n\nimport type { TransportKeyPair } from \"../../credentials/types\";\nimport type { RelayerSDK } from \"../relayer-sdk\";\nimport type {\n ClearValue,\n DelegatedUserDecryptParams,\n EIP712TypedData,\n EncryptParams,\n EncryptResult,\n EncryptedValue,\n FheEncryptionKey,\n PublicDecryptResult,\n PublicParamsData,\n UserDecryptParams,\n} from \"../relayer-sdk.types\";\nimport {\n DELEGATED_USER_DECRYPT_EIP712,\n INPUT_VERIFICATION_EIP712,\n KMS_DECRYPTION_EIP712,\n USER_DECRYPT_EIP712,\n} from \"./eip712\";\nimport { MOCK_INPUT_SIGNER_PK, MOCK_KMS_SIGNER_PK } from \"./constants\";\nimport {\n encryptionBitsFromFheTypeId,\n fheTypeIdFromName,\n isFheTypeName,\n type FheTypeId,\n} from \"./fhe-type\";\nimport { computeInputHandle, computeMockCiphertext } from \"./handle\";\nimport type { FheChain } from \"../../chains/types\";\nimport {\n ConfigurationError,\n DecryptionFailedError,\n EncryptionFailedError,\n NotEntitledError,\n} from \"../../errors\";\n\nconst ACL_ABI = parseAbi([\n \"function persistAllowed(bytes32 handle, address account) view returns (bool)\",\n \"function isAllowedForDecryption(bytes32 handle) view returns (bool)\",\n \"function isHandleDelegatedForUserDecryption(address delegator, address delegate, address contractAddress, bytes32 handle) view returns (bool)\",\n]);\n\nconst EXECUTOR_ABI = parseAbi([\"function plaintexts(bytes32 handle) view returns (uint256)\"]);\n\nconst STANDARD_EIP712_DOMAIN = [\n { name: \"name\", type: \"string\" },\n { name: \"version\", type: \"string\" },\n { name: \"chainId\", type: \"uint256\" },\n { name: \"verifyingContract\", type: \"address\" },\n] as const;\n\nconst USER_DECRYPT_TYPES = {\n EIP712Domain: STANDARD_EIP712_DOMAIN,\n UserDecryptRequestVerification: USER_DECRYPT_EIP712.types.UserDecryptRequestVerification,\n} satisfies KmsUserDecryptEIP712Type[\"types\"];\nconst DELEGATED_USER_DECRYPT_TYPES = {\n EIP712Domain: STANDARD_EIP712_DOMAIN,\n DelegatedUserDecryptRequestVerification:\n DELEGATED_USER_DECRYPT_EIP712.types.DelegatedUserDecryptRequestVerification,\n} satisfies KmsDelegatedUserDecryptEIP712Type[\"types\"];\nconst KMS_DECRYPTION_TYPES = {\n EIP712Domain: STANDARD_EIP712_DOMAIN,\n PublicDecryptVerification: KMS_DECRYPTION_EIP712.types.PublicDecryptVerification,\n} satisfies KmsPublicDecryptEIP712Type[\"types\"];\n\nconst FORBIDDEN_CHAIN_IDS = new Set<number>([mainnet.id, sepolia.id]);\n\n// FheTypeId constants for hot-path comparisons\nconst EBOOL_ID: FheTypeId = 0;\nconst EADDRESS_ID: FheTypeId = 7;\n\nfunction decodeClearValue(encryptedValue: EncryptedValue, rawValue: bigint): ClearValue {\n const typeByte = Number((BigInt(encryptedValue) >> 8n) & 0xffn);\n if (typeByte === EBOOL_ID) {\n return rawValue !== 0n;\n }\n if (typeByte === EADDRESS_ID) {\n return toHex(rawValue, { size: 20 });\n }\n return rawValue;\n}\n\nfunction normalizeEncryptValue(entry: EncryptParams[\"values\"][number]): {\n fheType: FheTypeId;\n value: bigint;\n} {\n if (!isFheTypeName(entry.type)) {\n throw new EncryptionFailedError(\"Unsupported FHE type\");\n }\n\n const fheType = fheTypeIdFromName(entry.type);\n\n let value: bigint;\n if (entry.type === \"ebool\") {\n if (typeof entry.value === \"boolean\") {\n value = entry.value ? 1n : 0n;\n } else {\n value = entry.value;\n if (value !== 0n && value !== 1n) {\n throw new EncryptionFailedError(\"Bool value must be 0, 1, true, or false\");\n }\n }\n } else if (entry.type === \"eaddress\") {\n value = BigInt(getAddress(entry.value));\n } else {\n value = entry.value;\n }\n\n if (value < 0n) {\n throw new EncryptionFailedError(\"Only non-negative cleartext values are supported\");\n }\n\n const bits = encryptionBitsFromFheTypeId(fheType);\n const maxValue = (1n << BigInt(bits)) - 1n;\n if (value > maxValue) {\n throw new EncryptionFailedError(\n `Value ${value} exceeds max ${maxValue} for FheType ${fheType}`,\n );\n }\n\n return { fheType, value };\n}\n\nexport class RelayerCleartext implements RelayerSDK, Disposable {\n readonly #client: PublicClient;\n readonly #config: FheChain;\n readonly kmsSigner: PrivateKeyAccount;\n readonly inputSigner: PrivateKeyAccount;\n\n constructor(config: FheChain) {\n if (FORBIDDEN_CHAIN_IDS.has(config.id)) {\n throw new ConfigurationError(\n `Cleartext mode is not allowed on chain ${config.id}. ` +\n `It is intended for local development and testing only.`,\n );\n }\n if (!config.executorAddress) {\n throw new ConfigurationError(\n `Cleartext transport requires an executorAddress for chain ${config.id}.`,\n );\n }\n this.#client = createPublicClient({\n transport: typeof config.network === \"string\" ? http(config.network) : custom(config.network),\n });\n this.#config = config;\n this.kmsSigner = privateKeyToAccount(config.kmsSignerPrivateKey ?? MOCK_KMS_SIGNER_PK);\n this.inputSigner = privateKeyToAccount(config.inputSignerPrivateKey ?? MOCK_INPUT_SIGNER_PK);\n }\n\n async generateTransportKeyPair(): Promise<TransportKeyPair> {\n const publicKey = toHex(crypto.getRandomValues(new Uint8Array(32)));\n let privateKey = toHex(crypto.getRandomValues(new Uint8Array(32)));\n\n while (privateKey === publicKey) {\n privateKey = toHex(crypto.getRandomValues(new Uint8Array(32)));\n }\n\n return { publicKey, privateKey };\n }\n\n async createEIP712(\n publicKey: Hex,\n contractAddresses: Address[],\n startTimestamp: number,\n durationDays = 7,\n ): Promise<EIP712TypedData> {\n return {\n domain: USER_DECRYPT_EIP712.domain(\n this.#config.id,\n this.#config.verifyingContractAddressDecryption as Address,\n ),\n types: USER_DECRYPT_TYPES,\n primaryType: \"UserDecryptRequestVerification\",\n message: {\n publicKey,\n contractAddresses,\n startTimestamp: String(startTimestamp),\n durationDays: String(durationDays),\n extraData: \"0x00\",\n },\n };\n }\n\n async encrypt(params: EncryptParams): Promise<EncryptResult> {\n const entries = params.values.map(normalizeEncryptValue);\n const contractAddress = getAddress(params.contractAddress);\n const userAddress = getAddress(params.userAddress);\n\n const mockCiphertexts = entries.map(({ fheType, value }) =>\n computeMockCiphertext(fheType, value, crypto.getRandomValues(new Uint8Array(32))),\n );\n\n const ciphertextBlob = keccak256(mockCiphertexts.length > 0 ? concat(mockCiphertexts) : \"0x\");\n\n const handles = entries.map(({ fheType }, index) =>\n computeInputHandle(\n ciphertextBlob,\n index,\n fheType,\n this.#config.aclContractAddress as Address,\n BigInt(this.#config.id),\n ),\n );\n\n const cleartextParts = entries.map(({ value }) => pad(toHex(value), { size: 32 }));\n const cleartextBytes: Hex = cleartextParts.length > 0 ? concat(cleartextParts) : \"0x\";\n\n const signature = await this.inputSigner.signTypedData({\n domain: INPUT_VERIFICATION_EIP712.domain(\n this.#config.gatewayChainId,\n this.#config.verifyingContractAddressInputVerification as Address,\n ),\n types: { CiphertextVerification: INPUT_VERIFICATION_EIP712.types.CiphertextVerification },\n primaryType: \"CiphertextVerification\",\n message: {\n ctHandles: handles,\n userAddress,\n contractAddress,\n contractChainId: BigInt(this.#config.id),\n extraData: cleartextBytes,\n },\n });\n\n const inputProof = concat([\n toHex(new Uint8Array([handles.length])),\n toHex(new Uint8Array([1])),\n ...handles,\n signature,\n cleartextBytes,\n ]);\n\n return { encryptedValues: handles, inputProof };\n }\n\n async userDecrypt(\n params: UserDecryptParams,\n ): Promise<Readonly<Record<EncryptedValue, ClearValue>>> {\n await this.#assertDecryptAuthorization(\n params.encryptedValues,\n getAddress(params.signerAddress),\n getAddress(params.contractAddress),\n \"User\",\n \"user decrypt\",\n );\n\n return this.#decryptHandles(params.encryptedValues);\n }\n\n async publicDecrypt(encryptedValues: EncryptedValue[]): Promise<PublicDecryptResult> {\n const normalizedHandles = encryptedValues;\n\n const allowedResults = await Promise.all(\n normalizedHandles.map((encryptedValue) => this.#isAllowedForDecryption(encryptedValue)),\n );\n const unauthorizedIndex = allowedResults.findIndex((isAllowed) => !isAllowed);\n if (unauthorizedIndex !== -1) {\n throw new DecryptionFailedError(\n `Encrypted value ${normalizedHandles[unauthorizedIndex]!} is not allowed for public decryption`,\n );\n }\n\n const orderedValues = await Promise.all(\n normalizedHandles.map((encryptedValue) => this.#readPlaintext(encryptedValue)),\n );\n const clearValues: PublicDecryptResult[\"clearValues\"] = Object.fromEntries(\n normalizedHandles.map((encryptedValue, index) => [\n encryptedValue,\n decodeClearValue(encryptedValue, orderedValues[index]!),\n ]),\n );\n\n const abiEncodedClearValues = concat(orderedValues.map((v) => pad(toHex(v), { size: 32 })));\n\n const signature = await this.kmsSigner.signTypedData({\n domain: KMS_DECRYPTION_EIP712.domain(\n this.#config.gatewayChainId,\n this.#config.verifyingContractAddressDecryption as Address,\n ),\n types: KMS_DECRYPTION_TYPES,\n primaryType: \"PublicDecryptVerification\",\n message: {\n ctHandles: normalizedHandles,\n decryptedResult: abiEncodedClearValues,\n extraData: \"0x\",\n },\n });\n\n const decryptionProof = concat([toHex(new Uint8Array([1])), signature]);\n\n return { clearValues, abiEncodedClearValues, decryptionProof };\n }\n\n async createDelegatedUserDecryptEIP712(\n publicKey: Hex,\n contractAddresses: Address[],\n delegatorAddress: Address,\n startTimestamp: number,\n durationDays = 7,\n ): Promise<KmsDelegatedUserDecryptEIP712Type> {\n const message: KmsDelegatedUserDecryptEIP712Type[\"message\"] = {\n publicKey,\n contractAddresses,\n delegatorAddress: getAddress(delegatorAddress),\n startTimestamp: String(startTimestamp),\n durationDays: String(durationDays),\n extraData: \"0x00\",\n };\n\n return {\n domain: DELEGATED_USER_DECRYPT_EIP712.domain(\n this.#config.id,\n this.#config.verifyingContractAddressDecryption as Address,\n ),\n types: DELEGATED_USER_DECRYPT_TYPES,\n primaryType: \"DelegatedUserDecryptRequestVerification\",\n message,\n };\n }\n\n async delegatedUserDecrypt(\n params: DelegatedUserDecryptParams,\n ): Promise<Readonly<Record<EncryptedValue, ClearValue>>> {\n await this.#assertDelegation(\n params.encryptedValues,\n getAddress(params.delegatorAddress),\n getAddress(params.delegateAddress),\n getAddress(params.contractAddress),\n );\n\n return this.#decryptHandles(params.encryptedValues);\n }\n\n async requestZKProofVerification(_zkProof: ZKProofLike): Promise<InputProofBytesType> {\n throw new ConfigurationError(\"Not implemented in cleartext mode\");\n }\n\n async fetchFheEncryptionKeyBytes(): Promise<FheEncryptionKey | null> {\n return { publicKeyId: \"mock-public-key-id\", publicKey: new Uint8Array([32]) };\n }\n\n async getPublicParams(_bits: number): Promise<PublicParamsData | null> {\n return { publicParams: new Uint8Array([32]), publicParamsId: \"mock-public-params-id\" };\n }\n\n async getAclAddress(): Promise<Address> {\n return this.#config.aclContractAddress as Address;\n }\n\n terminate(): void {\n // No resources to release in cleartext mode.\n }\n\n /** Calls {@link terminate} (no-op in cleartext mode). */\n [Symbol.dispose](): void {\n this.terminate();\n }\n\n async #decryptHandles(\n normalizedEncryptedValues: EncryptedValue[],\n ): Promise<Readonly<Record<EncryptedValue, ClearValue>>> {\n const values = await Promise.all(\n normalizedEncryptedValues.map((encryptedValue) => this.#readPlaintext(encryptedValue)),\n );\n\n return Object.fromEntries(\n normalizedEncryptedValues.map((encryptedValue, index) => [\n encryptedValue,\n decodeClearValue(encryptedValue, values[index]!),\n ]),\n );\n }\n\n async #assertDecryptAuthorization(\n normalizedEncryptedValues: EncryptedValue[],\n actorAddress: Address,\n contractAddress: Address,\n actorLabel: \"User\" | \"Delegator\",\n operationLabel: \"user decrypt\" | \"delegated decrypt\",\n ): Promise<void> {\n if (actorAddress === contractAddress) {\n throw new DecryptionFailedError(\n `${actorLabel} address ${actorAddress} must not equal contract address for ${operationLabel}`,\n );\n }\n\n const results = await Promise.all(\n normalizedEncryptedValues.flatMap((encryptedValue) => [\n this.#persistAllowed(encryptedValue, actorAddress),\n this.#persistAllowed(encryptedValue, contractAddress),\n ]),\n );\n\n for (let i = 0; i < normalizedEncryptedValues.length; i++) {\n const actorAllowed = results[i * 2];\n const contractAllowed = results[i * 2 + 1];\n if (!actorAllowed) {\n throw new NotEntitledError({\n encryptedValue: normalizedEncryptedValues[i]!,\n contractAddress,\n account: actorAddress,\n });\n }\n if (!contractAllowed) {\n throw new DecryptionFailedError(\n `Contract ${contractAddress} is not authorized for ${operationLabel} of encrypted value ${normalizedEncryptedValues[i]!}`,\n );\n }\n }\n }\n\n async #assertDelegation(\n encryptedValues: EncryptedValue[],\n delegatorAddress: Address,\n delegateAddress: Address,\n contractAddress: Address,\n ): Promise<void> {\n const results = await Promise.all(\n encryptedValues.map((encryptedValue) =>\n this.#client.readContract({\n address: this.#config.aclContractAddress as Address,\n abi: ACL_ABI,\n functionName: \"isHandleDelegatedForUserDecryption\",\n args: [delegatorAddress, delegateAddress, contractAddress, encryptedValue],\n }),\n ),\n );\n\n for (let i = 0; i < encryptedValues.length; i++) {\n if (!results[i]) {\n throw new DecryptionFailedError(\n `Encrypted value ${encryptedValues[i]!} is not delegated for user decryption`,\n );\n }\n }\n\n // Parity with the relayer/worker path: a delegated handle still requires the\n // *delegator* to hold the ACL grant (`persistAllowed`). Without this check,\n // the same condition surfaces differently in local cleartext dev than in\n // production — exactly where integrators wire up their error handling.\n // Cleartext is host-chain-only: `#persistAllowed` reads the ACL directly on\n // the local chain, with no gateway and no cross-chain sync. A failed check\n // here can never be a propagation lag — it is authoritative and permanent —\n // so it maps to the terminal NotEntitledError, not the retryable\n // DelegationNotPropagatedError (which would make the delegated-decrypt retry\n // loop spin its full budget on a local misconfig before failing).\n const delegatorAllowed = await Promise.all(\n encryptedValues.map((encryptedValue) =>\n this.#persistAllowed(encryptedValue, delegatorAddress),\n ),\n );\n\n for (let i = 0; i < encryptedValues.length; i++) {\n if (!delegatorAllowed[i]) {\n throw new NotEntitledError({\n encryptedValue: encryptedValues[i]!,\n contractAddress,\n account: delegatorAddress,\n });\n }\n }\n }\n\n async #persistAllowed(encryptedValue: EncryptedValue, account: Address): Promise<boolean> {\n return this.#client.readContract({\n address: this.#config.aclContractAddress as Address,\n abi: ACL_ABI,\n functionName: \"persistAllowed\",\n args: [encryptedValue, account],\n });\n }\n\n async #isAllowedForDecryption(encryptedValue: EncryptedValue): Promise<boolean> {\n return this.#client.readContract({\n address: this.#config.aclContractAddress as Address,\n abi: ACL_ABI,\n functionName: \"isAllowedForDecryption\",\n args: [encryptedValue],\n });\n }\n\n async #readPlaintext(encryptedValue: EncryptedValue): Promise<bigint> {\n return this.#client.readContract({\n address: this.#config.executorAddress as Address,\n abi: EXECUTOR_ABI,\n functionName: \"plaintexts\",\n args: [encryptedValue],\n });\n }\n}\n"],"mappings":"+XAmBA,IAAa,EAAb,cAAsC,CAAU,CAE9C,eAEA,gBAEA,QAEA,YACE,EACA,EACA,CACA,MACE,EAAc,YACd,WAAW,EAAK,QAAQ,8CAA8C,EAAK,eAAe,eACzE,EAAK,gBAAgB,yHAEtC,CACF,EACA,KAAK,KAAO,mBACZ,KAAK,eAAiB,EAAK,eAC3B,KAAK,gBAAkB,EAAK,gBAC5B,KAAK,QAAU,EAAK,OACtB,CACF,ECjCA,MAAM,GACJ,EACA,KACiC,CACjC,KAAM,oBACN,QAAS,IACT,QAAS,OAAO,CAAO,EACvB,mBACF,GAEM,GACJ,EACA,KACyB,CACzB,KAAM,aACN,QAAS,IACT,QAAS,OAAO,CAAO,EACvB,mBACF,GAEa,EAA4B,CACvC,OAAQ,EACR,MAAO,CACL,uBAAwB,CACtB,CAAE,KAAM,YAAa,KAAM,WAAY,EACvC,CAAE,KAAM,cAAe,KAAM,SAAU,EACvC,CAAE,KAAM,kBAAmB,KAAM,SAAU,EAC3C,CAAE,KAAM,kBAAmB,KAAM,SAAU,EAC3C,CAAE,KAAM,YAAa,KAAM,OAAQ,CACrC,CACF,CACF,EAEa,EAAwB,CACnC,OAAQ,EACR,MAAO,CACL,0BAA2B,CACzB,CAAE,KAAM,YAAa,KAAM,WAAY,EACvC,CAAE,KAAM,kBAAmB,KAAM,OAAQ,EACzC,CAAE,KAAM,YAAa,KAAM,OAAQ,CACrC,CACF,CACF,EAEa,EAAsB,CACjC,OAAQ,EACR,MAAO,CACL,+BAAgC,CAC9B,CAAE,KAAM,YAAa,KAAM,OAAQ,EACnC,CAAE,KAAM,oBAAqB,KAAM,WAAY,EAC/C,CAAE,KAAM,iBAAkB,KAAM,SAAU,EAC1C,CAAE,KAAM,eAAgB,KAAM,SAAU,EACxC,CAAE,KAAM,YAAa,KAAM,OAAQ,CACrC,CACF,CACF,EAEa,EAAgC,CAC3C,OAAQ,EACR,MAAO,CACL,wCAAyC,CACvC,CAAE,KAAM,YAAa,KAAM,OAAQ,EACnC,CAAE,KAAM,oBAAqB,KAAM,WAAY,EAC/C,CAAE,KAAM,mBAAoB,KAAM,SAAU,EAC5C,CAAE,KAAM,iBAAkB,KAAM,SAAU,EAC1C,CAAE,KAAM,eAAgB,KAAM,SAAU,EACxC,CAAE,KAAM,YAAa,KAAM,OAAQ,CACrC,CACF,CACF,EEpBM,EAAsC,CAC1C,MAAO,EAEP,OAAQ,EACR,QAAS,EACT,QAAS,EACT,QAAS,EACT,SAAU,EACV,SAAU,EACV,SAAU,CACZ,EAEM,EAAsC,CAC1C,EAAG,QAEH,EAAG,SACH,EAAG,UACH,EAAG,UACH,EAAG,UACH,EAAG,WACH,EAAG,WACH,EAAG,UACL,EAEM,EAAkE,CACtE,EAAG,EAEH,EAAG,EACH,EAAG,GACH,EAAG,GACH,EAAG,GACH,EAAG,IACH,EAAG,IACH,EAAG,GACL,EAaA,OAAO,OAAO,CAAe,EAC7B,OAAO,OAAO,CAAe,EAC7B,OAAO,OAAO,CAA6B,EAC3C,OAAO,OAAO,CAbZ,EAAG,EACH,EAAG,EACH,GAAI,EACJ,GAAI,EACJ,GAAI,EACJ,IAAK,EACL,IAAK,EACL,IAAK,CAMO,CAA6B,EAM3C,SAAgB,EAAY,EAAoC,CAC9D,OAAQ,EAAR,CACE,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACH,MAAO,GACT,QACE,MAAO,EACX,CACF,CAEA,SAAgB,EAAc,EAAsC,CAIlE,OAHI,OAAO,GAAU,SAGd,KAAS,EAFP,EAGX,CAoBA,SAAgB,EAAkB,EAAyB,CACzD,GAAI,CAAC,EAAc,CAAI,EACrB,MAAU,MAAM,yBAAyB,EAAK,EAAE,EAElD,OAAO,EAAgB,EACzB,CASA,SAAgB,EAA4B,EAAgC,CAC1E,GAAI,CAAC,EAAY,CAAM,EACrB,MAAU,MAAM,uBAAuB,EAAO,EAAE,EAElD,IAAM,EAAK,EAA8B,GACzC,GAAI,EAAK,EACP,MAAU,MACR,yCAAyC,EAAG,qBAC9C,EAEF,OAAO,CACT,CChLA,MAAM,EAA+B,EAAQ,UAAU,EACjD,EAA+B,EAAQ,UAAU,EAEvD,SAAS,EAAiB,EAAmB,EAAgC,CAC3E,IAAM,EAAa,KAAK,KAAK,EAA4B,CAAO,EAAI,CAAC,EACrE,OAAO,EAAQ,EAAI,EAAM,CAAS,EAAG,CAAE,KAAM,CAAW,CAAC,CAAC,CAC5D,CAEA,SAAgB,EACd,EACA,EACA,EACK,CACL,GAAI,EAAS,SAAW,GACtB,MAAM,IAAI,EAAsB,mCAAmC,EAGrE,IAAM,EAAa,EAAiB,EAAW,CAAO,EAChD,EAAQ,EACZ,EAAO,CAAC,EAAM,IAAI,WAAW,CAAC,CAAO,CAAC,CAAC,EAAG,EAAM,CAAU,EAAG,EAAM,CAAQ,CAAC,CAAC,CAC/E,EAEA,OAAO,EAAU,EAAO,CAAC,EAAM,CAA4B,EAAG,CAAK,CAAC,CAAC,CACvE,CAEA,SAAgB,EACd,EACA,EACA,EACA,EACA,EACK,CACL,GAAI,CAAC,OAAO,UAAU,CAAK,GAAK,EAAQ,GAAK,EAAQ,IACnD,MAAM,IAAI,EAAsB,4CAA4C,EAG9E,IAAM,EAAW,EAAU,EAAO,CAAC,EAAM,CAA4B,EAAG,CAAc,CAAC,CAAC,EAClF,EAAa,EACjB,EACE,CAAC,QAAS,UAAW,QAAS,UAAW,SAAS,EAClD,CAAC,EAAM,CAA4B,EAAG,EAAU,EAAO,EAAY,CAAO,CAC5E,CACF,EAEM,EAAY,EAAU,sBAQ5B,OAAO,EANJ,OAAO,CAAU,EAAI,gFACrB,OAAO,CAAK,GAAK,IACjB,GAAa,IACb,OAAO,CAAO,GAAK,GACpB,OAAA,CAAqB,EAEF,CAAE,KAAM,EAAG,CAAC,CACnC,CCGA,MAAM,EAAU,EAAS,CACvB,+EACA,sEACA,+IACF,CAAC,EAEK,EAAe,EAAS,CAAC,4DAA4D,CAAC,EAEtF,EAAyB,CAC7B,CAAE,KAAM,OAAQ,KAAM,QAAS,EAC/B,CAAE,KAAM,UAAW,KAAM,QAAS,EAClC,CAAE,KAAM,UAAW,KAAM,SAAU,EACnC,CAAE,KAAM,oBAAqB,KAAM,SAAU,CAC/C,EAEM,EAAqB,CACzB,aAAc,EACd,+BAAgC,EAAoB,MAAM,8BAC5D,EACM,EAA+B,CACnC,aAAc,EACd,wCACE,EAA8B,MAAM,uCACxC,EACM,EAAuB,CAC3B,aAAc,EACd,0BAA2B,EAAsB,MAAM,yBACzD,EAEM,EAAsB,IAAI,IAAY,CAAC,EAAQ,GAAI,EAAQ,EAAE,CAAC,EAMpE,SAAS,EAAiB,EAAgC,EAA8B,CACtF,IAAM,EAAW,OAAQ,OAAO,CAAc,GAAK,GAAM,IAAK,EAO9D,OANI,IAAa,EACR,IAAa,GAElB,IAAa,EACR,EAAM,EAAU,CAAE,KAAM,EAAG,CAAC,EAE9B,CACT,CAEA,SAAS,EAAsB,EAG7B,CACA,GAAI,CAAC,EAAc,EAAM,IAAI,EAC3B,MAAM,IAAI,EAAsB,sBAAsB,EAGxD,IAAM,EAAU,EAAkB,EAAM,IAAI,EAExC,EACJ,GAAI,EAAM,OAAS,QACjB,IAAI,OAAO,EAAM,OAAU,UACzB,EAAQ,EAAM,MAAQ,GAAK,QAG3B,GADA,EAAQ,EAAM,MACV,IAAU,IAAM,IAAU,GAC5B,MAAM,IAAI,EAAsB,yCAAyC,CAE7E,KACK,CAGL,EAHS,EAAM,OAAS,WAChB,OAAO,EAAW,EAAM,KAAK,CAAC,EAE9B,EAAM,MAGhB,GAAI,EAAQ,GACV,MAAM,IAAI,EAAsB,kDAAkD,EAGpF,IAAM,EAAO,EAA4B,CAAO,EAC1C,GAAY,IAAM,OAAO,CAAI,GAAK,GACxC,GAAI,EAAQ,EACV,MAAM,IAAI,EACR,SAAS,EAAM,eAAe,EAAS,eAAe,GACxD,EAGF,MAAO,CAAE,UAAS,OAAM,CAC1B,CAEA,IAAa,EAAb,KAAgE,CAC9D,GACA,GACA,UACA,YAEA,YAAY,EAAkB,CAC5B,GAAI,EAAoB,IAAI,EAAO,EAAE,EACnC,MAAM,IAAI,EACR,0CAA0C,EAAO,GAAG,yDAEtD,EAEF,GAAI,CAAC,EAAO,gBACV,MAAM,IAAI,EACR,6DAA6D,EAAO,GAAG,EACzE,EAEF,KAAKA,GAAU,EAAmB,CAChC,UAAW,OAAO,EAAO,SAAY,SAAW,EAAK,EAAO,OAAO,EAAI,EAAO,EAAO,OAAO,CAC9F,CAAC,EACD,KAAKC,GAAU,EACf,KAAK,UAAY,EAAoB,EAAO,qBAAA,oEAAyC,EACrF,KAAK,YAAc,EAAoB,EAAO,uBAAA,oEAA6C,CAC7F,CAEA,MAAM,0BAAsD,CAC1D,IAAM,EAAY,EAAM,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,EAC9D,EAAa,EAAM,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,EAEjE,KAAO,IAAe,GACpB,EAAa,EAAM,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,EAG/D,MAAO,CAAE,YAAW,YAAW,CACjC,CAEA,MAAM,aACJ,EACA,EACA,EACA,EAAe,EACW,CAC1B,MAAO,CACL,OAAQ,EAAoB,OAC1B,KAAKA,GAAQ,GACb,KAAKA,GAAQ,kCACf,EACA,MAAO,EACP,YAAa,iCACb,QAAS,CACP,YACA,oBACA,eAAgB,OAAO,CAAc,EACrC,aAAc,OAAO,CAAY,EACjC,UAAW,MACb,CACF,CACF,CAEA,MAAM,QAAQ,EAA+C,CAC3D,IAAM,EAAU,EAAO,OAAO,IAAI,CAAqB,EACjD,EAAkB,EAAW,EAAO,eAAe,EACnD,EAAc,EAAW,EAAO,WAAW,EAE3C,EAAkB,EAAQ,KAAK,CAAE,UAAS,WAC9C,EAAsB,EAAS,EAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,CAClF,EAEM,EAAiB,EAAU,EAAgB,OAAS,EAAI,EAAO,CAAe,EAAI,IAAI,EAEtF,EAAU,EAAQ,KAAK,CAAE,WAAW,IACxC,EACE,EACA,EACA,EACA,KAAKA,GAAQ,mBACb,OAAO,KAAKA,GAAQ,EAAE,CACxB,CACF,EAEM,EAAiB,EAAQ,KAAK,CAAE,WAAY,EAAI,EAAM,CAAK,EAAG,CAAE,KAAM,EAAG,CAAC,CAAC,EAC3E,EAAsB,EAAe,OAAS,EAAI,EAAO,CAAc,EAAI,KAE3E,EAAY,MAAM,KAAK,YAAY,cAAc,CACrD,OAAQ,EAA0B,OAChC,KAAKA,GAAQ,eACb,KAAKA,GAAQ,yCACf,EACA,MAAO,CAAE,uBAAwB,EAA0B,MAAM,sBAAuB,EACxF,YAAa,yBACb,QAAS,CACP,UAAW,EACX,cACA,kBACA,gBAAiB,OAAO,KAAKA,GAAQ,EAAE,EACvC,UAAW,CACb,CACF,CAAC,EAUD,MAAO,CAAE,gBAAiB,EAAS,WARhB,EAAO,CACxB,EAAM,IAAI,WAAW,CAAC,EAAQ,MAAM,CAAC,CAAC,EACtC,EAAM,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,EACzB,GAAG,EACH,EACA,CACF,CAE4C,CAAE,CAChD,CAEA,MAAM,YACJ,EACuD,CASvD,OARA,MAAM,KAAKC,GACT,EAAO,gBACP,EAAW,EAAO,aAAa,EAC/B,EAAW,EAAO,eAAe,EACjC,OACA,cACF,EAEO,KAAKC,GAAgB,EAAO,eAAe,CACpD,CAEA,MAAM,cAAc,EAAiE,CACnF,IAAM,EAAoB,EAKpB,GAAoB,MAHG,QAAQ,IACnC,EAAkB,IAAK,GAAmB,KAAKC,GAAwB,CAAc,CAAC,CACxF,EAAA,CACyC,UAAW,GAAc,CAAC,CAAS,EAC5E,GAAI,IAAsB,GACxB,MAAM,IAAI,EACR,mBAAmB,EAAkB,GAAoB,sCAC3D,EAGF,IAAM,EAAgB,MAAM,QAAQ,IAClC,EAAkB,IAAK,GAAmB,KAAKC,GAAe,CAAc,CAAC,CAC/E,EACM,EAAkD,OAAO,YAC7D,EAAkB,KAAK,EAAgB,IAAU,CAC/C,EACA,EAAiB,EAAgB,EAAc,EAAO,CACxD,CAAC,CACH,EAEM,EAAwB,EAAO,EAAc,IAAK,GAAM,EAAI,EAAM,CAAC,EAAG,CAAE,KAAM,EAAG,CAAC,CAAC,CAAC,EAEpF,EAAY,MAAM,KAAK,UAAU,cAAc,CACnD,OAAQ,EAAsB,OAC5B,KAAKJ,GAAQ,eACb,KAAKA,GAAQ,kCACf,EACA,MAAO,EACP,YAAa,4BACb,QAAS,CACP,UAAW,EACX,gBAAiB,EACjB,UAAW,IACb,CACF,CAAC,EAID,MAAO,CAAE,cAAa,wBAAuB,gBAFrB,EAAO,CAAC,EAAM,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,EAAG,CAAS,CAEV,CAAE,CAC/D,CAEA,MAAM,iCACJ,EACA,EACA,EACA,EACA,EAAe,EAC6B,CAC5C,IAAM,EAAwD,CAC5D,YACA,oBACA,iBAAkB,EAAW,CAAgB,EAC7C,eAAgB,OAAO,CAAc,EACrC,aAAc,OAAO,CAAY,EACjC,UAAW,MACb,EAEA,MAAO,CACL,OAAQ,EAA8B,OACpC,KAAKA,GAAQ,GACb,KAAKA,GAAQ,kCACf,EACA,MAAO,EACP,YAAa,0CACb,SACF,CACF,CAEA,MAAM,qBACJ,EACuD,CAQvD,OAPA,MAAM,KAAKK,GACT,EAAO,gBACP,EAAW,EAAO,gBAAgB,EAClC,EAAW,EAAO,eAAe,EACjC,EAAW,EAAO,eAAe,CACnC,EAEO,KAAKH,GAAgB,EAAO,eAAe,CACpD,CAEA,MAAM,2BAA2B,EAAqD,CACpF,MAAM,IAAI,EAAmB,mCAAmC,CAClE,CAEA,MAAM,4BAA+D,CACnE,MAAO,CAAE,YAAa,qBAAsB,UAAW,IAAI,WAAW,CAAC,EAAE,CAAC,CAAE,CAC9E,CAEA,MAAM,gBAAgB,EAAiD,CACrE,MAAO,CAAE,aAAc,IAAI,WAAW,CAAC,EAAE,CAAC,EAAG,eAAgB,uBAAwB,CACvF,CAEA,MAAM,eAAkC,CACtC,OAAO,KAAKF,GAAQ,kBACtB,CAEA,WAAkB,CAElB,CAGA,CAAC,OAAO,UAAiB,CACvB,KAAK,UAAU,CACjB,CAEA,KAAME,GACJ,EACuD,CACvD,IAAM,EAAS,MAAM,QAAQ,IAC3B,EAA0B,IAAK,GAAmB,KAAKE,GAAe,CAAc,CAAC,CACvF,EAEA,OAAO,OAAO,YACZ,EAA0B,KAAK,EAAgB,IAAU,CACvD,EACA,EAAiB,EAAgB,EAAO,EAAO,CACjD,CAAC,CACH,CACF,CAEA,KAAMH,GACJ,EACA,EACA,EACA,EACA,EACe,CACf,GAAI,IAAiB,EACnB,MAAM,IAAI,EACR,GAAG,EAAW,WAAW,EAAa,uCAAuC,GAC/E,EAGF,IAAM,EAAU,MAAM,QAAQ,IAC5B,EAA0B,QAAS,GAAmB,CACpD,KAAKK,GAAgB,EAAgB,CAAY,EACjD,KAAKA,GAAgB,EAAgB,CAAe,CACtD,CAAC,CACH,EAEA,IAAK,IAAI,EAAI,EAAG,EAAI,EAA0B,OAAQ,IAAK,CACzD,IAAM,EAAe,EAAQ,EAAI,GAC3B,EAAkB,EAAQ,EAAI,EAAI,GACxC,GAAI,CAAC,EACH,MAAM,IAAI,EAAiB,CACzB,eAAgB,EAA0B,GAC1C,kBACA,QAAS,CACX,CAAC,EAEH,GAAI,CAAC,EACH,MAAM,IAAI,EACR,YAAY,EAAgB,yBAAyB,EAAe,sBAAsB,EAA0B,IACtH,CAEJ,CACF,CAEA,KAAMD,GACJ,EACA,EACA,EACA,EACe,CACf,IAAM,EAAU,MAAM,QAAQ,IAC5B,EAAgB,IAAK,GACnB,KAAKN,GAAQ,aAAa,CACxB,QAAS,KAAKC,GAAQ,mBACtB,IAAK,EACL,aAAc,qCACd,KAAM,CAAC,EAAkB,EAAiB,EAAiB,CAAc,CAC3E,CAAC,CACH,CACF,EAEA,IAAK,IAAI,EAAI,EAAG,EAAI,EAAgB,OAAQ,IAC1C,GAAI,CAAC,EAAQ,GACX,MAAM,IAAI,EACR,mBAAmB,EAAgB,GAAI,sCACzC,EAcJ,IAAM,EAAmB,MAAM,QAAQ,IACrC,EAAgB,IAAK,GACnB,KAAKM,GAAgB,EAAgB,CAAgB,CACvD,CACF,EAEA,IAAK,IAAI,EAAI,EAAG,EAAI,EAAgB,OAAQ,IAC1C,GAAI,CAAC,EAAiB,GACpB,MAAM,IAAI,EAAiB,CACzB,eAAgB,EAAgB,GAChC,kBACA,QAAS,CACX,CAAC,CAGP,CAEA,KAAMA,GAAgB,EAAgC,EAAoC,CACxF,OAAO,KAAKP,GAAQ,aAAa,CAC/B,QAAS,KAAKC,GAAQ,mBACtB,IAAK,EACL,aAAc,iBACd,KAAM,CAAC,EAAgB,CAAO,CAChC,CAAC,CACH,CAEA,KAAMG,GAAwB,EAAkD,CAC9E,OAAO,KAAKJ,GAAQ,aAAa,CAC/B,QAAS,KAAKC,GAAQ,mBACtB,IAAK,EACL,aAAc,yBACd,KAAM,CAAC,CAAc,CACvB,CAAC,CACH,CAEA,KAAMI,GAAe,EAAiD,CACpE,OAAO,KAAKL,GAAQ,aAAa,CAC/B,QAAS,KAAKC,GAAQ,gBACtB,IAAK,EACL,aAAc,aACd,KAAM,CAAC,CAAc,CACvB,CAAC,CACH,CACF"}
|